On Saturday 18 September 2004 21:31, Alexei Monastyrnyi wrote:
And what was the result of that struggle? Didi you make it work?
Yes, I did. In some other thread someone mentioned that it is mandatory to put all users and machines accounts to ou=People due to some weird samba design decision. However, it isn't mentioned in any howto, neither official nor idealx's, and samba doesn't complain about it in any way either. Too bad...for me.
Actually it is mentioned in the samba guide: Chapter 6: http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html
1/2 way down the page just before table 6.2 there is a "Note"
==quote==
In the following examples, as the LDAP database is initialized, we do create a container for Computer (machine) accounts. In the Samba-3 smb.conf files, specific use is made of the People container, not the Computers container, for domain member accounts. This is not a mistake; it is a deliberate action that is necessitated by the fact that there is a bug in Samba-3 that prevents it from being able to search the LDAP database for computer accounts if they are placed in the Computers container. By placing all machine accounts in the People container, we are able to side-step this bug. It is expected that at some time in the future this problem will be resolved. At that time, it will be possible to use the Computers container in order to keep machine accounts separate from user accounts.
==endquote==
However the samba Howto is very vaugue http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2533197
Under "Accounts and Group Management"
==quote==
Machine accounts are managed with the sambaSamAccount objectclass, just like users accounts. However, it is up to you to store those accounts in a different tree of your LDAP namespace. You should use “ou=Groups,dc=quenya,dc=org” to store groups and “ou=People,dc=quenya,dc=org” to store users. Just configure your NSS and PAM accordingly (usually, in the /etc/openldap/sldap.conf configuration file).
==endquote==
I am having similar symptoms as well although I am using the same container for both Users and Computers.
The symptoms being "User not found" when trying to join domain from 2k box. I'm still investigating at the moment although this worked fine with samba 3.0.4 with exactly same config.
Samba is now 3.0.7
Not sure about the IDELX scripts as they came with the samba gentoo package so i'm about to look to see what version they really are.
Nathan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
